<!DOCTYPE HTML>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /> 
    <title> - 天地维杰网</title>
    <meta name="keywords" content="系统架构,shutdown,不与天斗,Domino,博客,程序员,架构师,笔记,技术,分享,java,Redis">
    
    <meta property="og:title" content="">
    <meta property="og:site_name" content="天地维杰网">
    <meta property="og:image" content="/img/author.jpg"> 
    <meta name="title" content=" - 天地维杰网" />
    <meta name="description" content="天地维杰网 | 博客 | 软件 | 架构 | Java "> 
    <link rel="shortcut icon" href="http://www.shutdown.cn/img/favicon.ico" />
    <link rel="apple-touch-icon" href="http://www.shutdown.cn/img/apple-touch-icon.png" />
    <link rel="apple-touch-icon-precomposed" href="http://www.shutdown.cn/img/apple-touch-icon.png" />
    <link href="http://www.shutdown.cn/js/vendor/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css" />
    <link href="http://www.shutdown.cn/js/vendor/fancybox/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css" />
    <link href="http://www.shutdown.cn/css/main.css" rel="stylesheet" type="text/css" />
    <link href="http://www.shutdown.cn/css/syntax.css" rel="stylesheet" type="text/css" />
    <script type="text/javascript" id="hexo.configuration">
  var NexT = window.NexT || {};
  var CONFIG = {
    scheme: 'Pisces',
    sidebar: {"position":"left","display":"post"},
     fancybox: true, 
    motion: true
  };
</script>
</head>
<body itemscope itemtype="http://schema.org/WebPage" lang="zh-Hans">
<div class="container one-collumn sidebar-position-left page-home  ">
    <div class="headband"></div>


    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          <div id="content" class="content">
            
<section id="posts" class="posts-expand">
  <article class="post post-type-normal " itemscope itemtype="http://schema.org/Article">
    <header class="post-header">
      <h1 class="post-title" itemprop="name headline">
        <a class="post-title-link" href="http://www.shutdown.cn/post/redis6.0%E6%96%B0%E7%89%B9%E6%80%A7-acl%E6%9D%83%E9%99%90%E6%8E%A7%E5%88%B6%E5%85%B6%E4%BA%8C/" itemprop="url">
        
        </a>
      </h1>
      <div class="post-meta">
      <span class="post-time">
<span class="post-meta-item-icon">
    <i class="fa fa-calendar-o"></i>
</span>
<span class="post-meta-item-text">时间：</span>
<time itemprop="dateCreated" datetime="2016-03-22T13:04:35+08:00" content="0001-01-01">
    0001-01-01
</time>
</span> 
      
      
       <span>
&nbsp; | &nbsp;
<span class="post-meta-item-icon">
    <i class="fa fa-eye"></i>
</span>
<span class="post-meta-item-text">阅读：</span>
<span class="leancloud-visitors-count">1320 字 ~7分钟</span>
</span>
      </div>
    </header>
    <div class="post-body" itemprop="articleBody">
    

    

<blockquote>
<p>原文地址 <a href="https://www.cnblogs.com/zhoujinyi/p/13222464.html">https://www.cnblogs.com/zhoujinyi/p/13222464.html</a></p>
</blockquote>

<h2 id="背景">背景</h2>

<p>在Redis6.0之前的版本中，登陆Redis Server只需要输入密码（前提配置了密码 requirepass ）即可，不需要输入用户名，而且密码也是明文配置到配置文件中，安全性不高。并且应用连接也使用该密码，导致应用有所有权限处理数据，风险也极高。在Redis6.0有了<a href="https://redis.io/topics/acl">ACL</a>之后，终于解决了这些不安全的因素，可以按照不同的需求设置相关的用户和权限。本文来介绍下Redis 6.0 ACL相关的配置和使用。具体的说明可以查看官方文档：<strong><a href="https://redis.io/topics/acl">ACL</a></strong></p>

<h2 id="说明">说明</h2>

<p>​    Redis ACL 是向后兼容的，即默认情况下用户为default，使用的是requirepass配置的密码。要是不使用ACL功能，对旧版客户端来说完全一样。Redis Auth可以有2种方式进行工作：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">1:旧版本的使用方式，默认用户。兼容旧版本Redis的支持
AUTH &lt;password&gt;
2:新方式，还需要验证用户名
AUTH &lt;username&gt; &lt;password&gt;</code></pre></div>
<p>因为需要验证用户名了，所以客户端的认证方式也多了参数：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">  --user &lt;username&gt;  验证用户名
  --pass &lt;password&gt;  验证密码,是参数-a的别名;配合--user使用
  --askpass          强制从STDIN以掩码（不回显）方式输入密码，避免密码出现在命令行历史和进程列表中</code></pre></div>
<p>现在开始来说明如何在Redis中根据ACL来定制需要的用户权限。首先看ACL的help，了解大致的使用方法：ACL help</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">&gt; ACL <span style="color:#204a87">help</span>
 1<span style="color:#ce5c00;font-weight:bold">)</span> ACL &lt;subcommand&gt; arg arg ... arg. Subcommands are:
 2<span style="color:#ce5c00;font-weight:bold">)</span> LOAD                             -- 从ACL文件中重新载入用户信息.
 3<span style="color:#ce5c00;font-weight:bold">)</span> SAVE                             -- 保存当前的用户配置信息到ACL文件.
 4<span style="color:#ce5c00;font-weight:bold">)</span> LIST                             -- 以配置文件格式显示用户详细信息.
 5<span style="color:#ce5c00;font-weight:bold">)</span> USERS                            -- 列出所有注册的用户名.
 6<span style="color:#ce5c00;font-weight:bold">)</span> SETUSER &lt;username&gt; <span style="color:#ce5c00;font-weight:bold">[</span>attribs ...<span style="color:#ce5c00;font-weight:bold">]</span> -- 创建或则修改一个用户.
 7<span style="color:#ce5c00;font-weight:bold">)</span> GETUSER &lt;username&gt;               -- 得到一个用户的详细信息.
 8<span style="color:#ce5c00;font-weight:bold">)</span> DELUSER &lt;username&gt; <span style="color:#ce5c00;font-weight:bold">[</span>...<span style="color:#ce5c00;font-weight:bold">]</span>         -- 删除列表中的用户.
 9<span style="color:#ce5c00;font-weight:bold">)</span> CAT                              -- 列出可用的类别.
10<span style="color:#ce5c00;font-weight:bold">)</span> CAT &lt;category&gt;                   -- 列出指定类别中的命令.
11<span style="color:#ce5c00;font-weight:bold">)</span> GENPASS <span style="color:#ce5c00;font-weight:bold">[</span>&lt;bits&gt;<span style="color:#ce5c00;font-weight:bold">]</span>                 -- 生成一个安全的用户密码.
12<span style="color:#ce5c00;font-weight:bold">)</span> WHOAMI                           -- 返回当前的连接用户.
13<span style="color:#ce5c00;font-weight:bold">)</span> LOG <span style="color:#ce5c00;font-weight:bold">[</span>&lt;count&gt; <span style="color:#000;font-weight:bold">|</span> RESET<span style="color:#ce5c00;font-weight:bold">]</span>            -- 显示ACL日志条目.</code></pre></div>
<p><strong>使用方法：</strong></p>

<p>在创建用户之前，先说明下ACL的规则，首先看下一个完整的用户权限的格式：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">&gt; ACL LIST  --显示用户信息
1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span></code></pre></div>
<p><strong><a href="https://redis.io/topics/acl#acl-rules">格式说明</a>：</strong></p>

<table>
<thead>
<tr>
<th><strong>参数</strong></th>
<th><strong>说明</strong></th>
</tr>
</thead>

<tbody>
<tr>
<td><a href="https://redis.io/commands/acl-setuser">user</a></td>
<td>用户</td>
</tr>

<tr>
<td>default</td>
<td>表示默认用户名，或则自己定义的用户名</td>
</tr>

<tr>
<td>on</td>
<td>表示是否启用该用户，默认为off（禁用）</td>
</tr>

<tr>
<td>#&hellip;</td>
<td>表示用户密码，以#开头的是密码的SHA-256哈希值；nopass表示不设密码（任意密码都能通过认证）</td>
</tr>

<tr>
<td>~*</td>
<td>表示可以访问的Key（glob风格的通配符匹配，不是正则表达式）</td>
</tr>

<tr>
<td>+@</td>
<td>表示用户的权限，+/-表示授权还是销权； @为权限类。+@all 表示所有权限</td>
</tr>
</tbody>
</table>

<ul>
<li><p><strong>密码相关</strong>：
① 配置密码：一个用户可以设置不同的密码，即一个用户可以有多个密码。</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">-- 添加密码 
<span style="color:#8f5902;font-style:italic">## &gt;开头: &gt;password，明文密码；</span>
&gt; ACL SETUSER zhoujy on &gt;abc
OK
  
<span style="color:#8f5902;font-style:italic"># 获取哈希值密码 echo -n &#34;cba&#34; | shasum -a 256</span>
6d970874d0db767a7058798973f22cf6589601edab57996312f2ef7b56e5584d
  
<span style="color:#8f5902;font-style:italic">## #开头: #hash，SHA-256哈希值</span>
&gt; ACL SETUSER zhoujy on <span style="color:#8f5902;font-style:italic">#6d970874d0db767a7058798973f22cf6589601edab57996312f2ef7b56e5584d</span>
OK
  
<span style="color:#8f5902;font-style:italic">## 查看</span>
&gt; ACL GETUSER zhoujy
1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;flags&#34;</span>
2<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;on&#34;</span>
3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;passwords&#34;</span>
4<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad&#34;</span>
 2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;6d970874d0db767a7058798973f22cf6589601edab57996312f2ef7b56e5584d&#34;</span>
5<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;commands&#34;</span>
6<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;-@all&#34;</span>
7<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;keys&#34;</span>
8<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#ce5c00;font-weight:bold">(</span>empty array<span style="color:#ce5c00;font-weight:bold">)</span>
  
<span style="color:#8f5902;font-style:italic">## 认证密码</span>
&gt; AUTH zhoujy abc
OK
&gt; AUTH zhoujy cba
OK
  
  
-- 移除密码
<span style="color:#8f5902;font-style:italic">## &lt;开头: &lt;password ，明文密码</span>
&gt; ACL SETUSER zhoujy &lt;abc
OK
  
<span style="color:#8f5902;font-style:italic">## 用!开头: !hash，SHA-256哈希值</span>
&gt; ACL SETUSER zhoujy on !6d970874d0db767a7058798973f22cf6589601edab57996312f2ef7b56e5584d
OK
  
<span style="color:#8f5902;font-style:italic">## 查看</span>
&gt; ACL GETUSER zhoujy
1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;flags&#34;</span>
2<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;on&#34;</span>
3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;passwords&#34;</span>
4<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#ce5c00;font-weight:bold">(</span>empty array<span style="color:#ce5c00;font-weight:bold">)</span>
5<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;commands&#34;</span>
6<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;-@all&#34;</span>
7<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;keys&#34;</span>
8<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#ce5c00;font-weight:bold">(</span>empty array<span style="color:#ce5c00;font-weight:bold">)</span>
  
<span style="color:#8f5902;font-style:italic">## 认证密码</span>
&gt; AUTH zhoujy abc
<span style="color:#ce5c00;font-weight:bold">(</span>error<span style="color:#ce5c00;font-weight:bold">)</span> WRONGPASS invalid username-password pair</code></pre></div></li>
</ul>

<p>② 清理/删除密码：通过nopass清理用户的密码，但是该用户连接还是需要AUTH，只是密码可以是任意值。也就是说，处于on状态的nopass用户实际上没有任何密码保护，只应配合最小的键和命令权限使用。</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 清理/删除密码，可以用任意密码登陆
  <span style="color:#8f5902;font-style:italic">## 查看</span>
  &gt; ACL GETUSER zhoujy
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;flags&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;on&#34;</span>
     2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;allkeys&#34;</span>
     3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;allcommands&#34;</span>
  3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;passwords&#34;</span>
  4<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad&#34;</span>
     2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;6d970874d0db767a7058798973f22cf6589601edab57996312f2ef7b56e5584d&#34;</span>
  5<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;commands&#34;</span>
  6<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;+@all&#34;</span>
  7<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;keys&#34;</span>
  8<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;*&#34;</span>
  
  <span style="color:#8f5902;font-style:italic">## 删除、清理用户密码</span>
  &gt; ACL SETUSER zhoujy nopass
  OK
  
  <span style="color:#8f5902;font-style:italic">## 查看</span>
  &gt; ACL GETUSER zhoujy
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;flags&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;on&#34;</span>
     2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;allkeys&#34;</span>
     3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;allcommands&#34;</span>
     4<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;nopass&#34;</span>
  3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;passwords&#34;</span>
  4<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#ce5c00;font-weight:bold">(</span>empty array<span style="color:#ce5c00;font-weight:bold">)</span>
  5<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;commands&#34;</span>
  6<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;+@all&#34;</span>
  7<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;keys&#34;</span>
  8<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;*&#34;</span>
  
  <span style="color:#8f5902;font-style:italic">## 验证</span>
  &gt; AUTH zhoujy  --需要AUTH
  <span style="color:#ce5c00;font-weight:bold">(</span>error<span style="color:#ce5c00;font-weight:bold">)</span> WRONGPASS invalid username-password pair
  
  &gt; AUTH zhoujy <span style="color:#4e9a06">&#39;&#39;</span>  --可以输入任何密码
  OK
  
  
  -- 清理/删除密码，不能登陆，需要设置密码后才能登陆
  <span style="color:#8f5902;font-style:italic">## 查看</span>
  &gt; ACL GETUSER zhoujy
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;flags&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;on&#34;</span>
     2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;allkeys&#34;</span>
     3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;allcommands&#34;</span>
  3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;passwords&#34;</span>
  4<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad&#34;</span>
     2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;6d970874d0db767a7058798973f22cf6589601edab57996312f2ef7b56e5584d&#34;</span>
  5<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;commands&#34;</span>
  6<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;+@all&#34;</span>
  7<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;keys&#34;</span>
  8<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;*&#34;</span>
  
  <span style="color:#8f5902;font-style:italic">## 删除、清理用户密码</span>
  &gt; ACL SETUSER zhoujy resetpass
  OK
  &gt; ACL GETUSER zhoujy
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;flags&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;on&#34;</span>
     2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;allkeys&#34;</span>
     3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;allcommands&#34;</span>
  3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;passwords&#34;</span>
  4<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#ce5c00;font-weight:bold">(</span>empty array<span style="color:#ce5c00;font-weight:bold">)</span>
  5<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;commands&#34;</span>
  6<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;+@all&#34;</span>
  7<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;keys&#34;</span>
  8<span style="color:#ce5c00;font-weight:bold">)</span> 1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;*&#34;</span>
  
  <span style="color:#8f5902;font-style:italic">## 验证，被resetpass重置密码之后，不能登陆，只能设置密码或则设置nopass才能登陆</span>
  &gt; AUTH zhoujy
  <span style="color:#ce5c00;font-weight:bold">(</span>error<span style="color:#ce5c00;font-weight:bold">)</span> WRONGPASS invalid username-password pair
  
  &gt; AUTH zhoujy <span style="color:#4e9a06">&#39;&#39;</span>
  <span style="color:#ce5c00;font-weight:bold">(</span>error<span style="color:#ce5c00;font-weight:bold">)</span> WRONGPASS invalid username-password pair</code></pre></div>
<p>③ 重置用户和密码：实际上是执行 resetpass，resetkeys，off，-@all</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  <span style="color:#8f5902;font-style:italic">## 查看</span>
  &gt; ACL LIST
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user zhoujy on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
  
  <span style="color:#8f5902;font-style:italic">## 重置用户</span>
  &gt; ACL SETUSER zhoujy reset
  OK
  
  <span style="color:#8f5902;font-style:italic">## 查看</span>
  &gt; ACL LIST
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user zhoujy off -@all&#34;</span></code></pre></div>
<p>④ 获取随机密码：ACL中保存的是密码的SHA-256哈希值，弱密码容易被穷举，建议用ACL GENPASS生成高强度的随机密码。</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 生成随机密码
  &gt; ACL GENPASS
  <span style="color:#4e9a06">&#34;7a3288b05577cb6fea9b1a9a8bcfe10d9589e64be74e8a0e16c131ba896c7bde&#34;</span></code></pre></div>
<ul>
<li><p><strong>键模式</strong>：~&lt;pattern&gt;，通配符模式。比如： ~* 表示允许访问所有key，也可以用 <strong>allkeys</strong> 来表示 <strong>~*</strong>。<strong>resetkeys</strong> 表示清空它之前所有的键模式，在它之后设置的键模式不受影响。各条规则之间必须用空格分隔。</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">-- 可以操作foo开头和bar:开头的所有key
&gt; ACL SETUSER zhoujy on &gt;abc ~foo* ~bar:* +@all
OK
  
<span style="color:#8f5902;font-style:italic">## 查看</span>
&gt; ACL LIST
1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user zhoujy on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~foo* ~bar:* +@all&#34;</span>
  
--  只能操作ob:开头的key，前面的key模式被resetkeys清空了
&gt; ACL SETUSER zhoujy on &gt;abc ~foo* ~bar:* resetkeys ~ob:* +@all
OK
  
<span style="color:#8f5902;font-style:italic">## 查看</span>
&gt; ACL LIST
1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user zhoujy on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~ob:* +@all&#34;</span>
  
-- 操作所有key，allkeys 和 ~* 一样
&gt; ACL SETUSER zhoujy allkeys +@all
OK
&gt; ACL LIST
1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
  
<span style="color:#8f5902;font-style:italic">## 查看</span>
2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user zhoujy on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span></code></pre></div></li>

<li><p>权限相关：</p></li>
</ul>

<p>权限这块涉及到的比较多：权限的类别、类别里包含的命令，以及子权限。
  注意：<strong>-@all</strong>表示没有任何权限；<strong>+@all</strong>表示有所有权限；</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 返回权限的类别
  &gt; ACL CAT
   1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;keyspace&#34;</span>
   2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;read&#34;</span>
   3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;write&#34;</span>
   4<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;set&#34;</span>
   5<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;sortedset&#34;</span>
   6<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;list&#34;</span>
   7<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hash&#34;</span>
   8<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;string&#34;</span>
   9<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;bitmap&#34;</span>
  10<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hyperloglog&#34;</span>
  11<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;geo&#34;</span>
  12<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;stream&#34;</span>
  13<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;pubsub&#34;</span>
  14<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;admin&#34;</span>
  15<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;fast&#34;</span>
  16<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;slow&#34;</span>
  17<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;blocking&#34;</span>
  18<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;dangerous&#34;</span>
  19<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;connection&#34;</span>
  20<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;transaction&#34;</span>
  21<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;scripting&#34;</span>
  
  -- 返回指定类别中的命令，下面hash是上面返回的一个结果
  &gt; ACL CAT <span style="color:#204a87">hash</span>
   1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hsetnx&#34;</span>
   2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hset&#34;</span>
   3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hlen&#34;</span>
   4<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hmget&#34;</span>
   5<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hincrbyfloat&#34;</span>
   6<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hgetall&#34;</span>
   7<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hvals&#34;</span>
   8<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hscan&#34;</span>
   9<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hkeys&#34;</span>
  10<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hstrlen&#34;</span>
  11<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hget&#34;</span>
  12<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hdel&#34;</span>
  13<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hexists&#34;</span>
  14<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hincrby&#34;</span>
  15<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;hmset&#34;</span> </code></pre></div>
<p>从上面的权限列表里看到：权限对key的类型和命令的类型进行了分类，如有对类型进行分类：string、hash、list、set、sortedset，和对命令类型进行分类：connection、admin、dangerous。 以及对每个分类的方法进行说明，如上面查看hash类型key的一些方法。
  <strong>授权方法</strong>：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">  +&lt;command&gt;：将命令添加到用户可以调用的命令列表中，如+hget
  -&lt;command&gt;: 将命令从用户可以调用的命令列表中移除
  +@&lt;category&gt;: 添加一类命令，如：@admin, @set, @hash ... 可以ACL CAT 查看具体的操作指令。特殊类别@all表示所有命令，包括当前在服务器中存在的命令，以及将来将通过模块加载的命令
  -@&lt;category&gt;: 类似+@&lt;category&gt;，从客户端可以调用的命令列表中删除命令
  +&lt;command&gt;|subcommand: 允许调用一个原本被禁用的命令的特定子命令。注意，这种形式不能用于否定规则（例如 -DEBUG|SEGFAULT 不被允许），只能以“+”开头
  allcommands：+@all的别名，允许所有命令操作执行。注意，这意味着可以执行将来通过模块系统加载的所有命令。
  nocommands：-@all的别名，不允许所有命令操作执行。</code></pre></div>
<p>① 添加指定类型的权限：+@hash</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 添加hash类型key的所有权限
  &gt; ACL SETUSER zhoujy +@hash
  OK
  
  <span style="color:#8f5902;font-style:italic">## 查看</span>
  &gt; ACL LIST
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user zhoujy on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* -@all +@hash&#34;</span> </code></pre></div>
<p><strong>说明</strong>：用户zhoujy只有对hash类型的key有权限。</p>

<p>② 删除指定类型的权限：-@hash</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 删除hash类型key的所有权限
  &gt; ACL SETUSER zhoujy -@hash +@string
  OK
  
  <span style="color:#8f5902;font-style:italic">## 查看</span>
  &gt; ACL LIST
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user zhoujy on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad -@all +@string&#34;</span></code></pre></div>
<p><strong>说明</strong>：用户zhoujy对hash类型key的权限被移除，同时增加了string类型的权限。
  ③ 指定特定key的权限：如sortedset：~z*，z开头的key</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 访问指定key的正则
  &gt; ACL SETUSER zhoujy ~z* +@sortedset -@string
  OK
  
  <span style="color:#8f5902;font-style:italic">## 查看</span>
  &gt; ACL LIST
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user zhoujy on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~z* -@all +@sortedset&#34;</span></code></pre></div>
<p><strong>说明</strong>：用户zhoujy只有对z开头的key有权限。</p>

<p>④ 授权只读/只写的权限：+@read、+@write</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 授权所有key的只读权限
  &gt; ACL SETUSER zhoujy ~* +@read
  OK
  
  <span style="color:#8f5902;font-style:italic">##查看</span>
  &gt; ACL LIST
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user zhoujy on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* -@all +@read +@hash +@bitmap +@geo -georadiusbymember -hsetnx -setbit -hset -geoadd -bitop -hincrbyfloat -hdel -bitfield -hincrby -hmset -georadius&#34;</span>
  
  -- 授权所有key的只写权限
  &gt; ACL SETUSER zhoujy +@write
  OK
  
  <span style="color:#8f5902;font-style:italic">##查看</span>
  192.168.163.134:8379&gt; ACL LIST
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user zhoujy on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* -@all +@write +@list +@string +@stream +@fast +@blocking -dbsize -getrange -scard -xrevrange -zrank -llen -xread -ttl -get -ping -watch -publish -hlen -xrange -stralgo -zcount -getbit -lastsave -readonly -hmget -hello -zcard -discard -hstrlen -xinfo -hget -exists -bitfield_ro -select -role -zlexcount -zrevrank -lolwut -hexists -touch -lindex -unwatch -sismember -strlen -xlen -asking -type -mget -time -xpending -echo -multi -auth -readwrite -lrange -pttl -zscore -substr&#34;</span></code></pre></div>
<p><strong>说明</strong>：用户zhoujy对所有key有只读或者只写的权限，如果想针对指定的key，则替换 <strong>~*</strong> 即可。注意ACL SETUSER是在用户已有规则的基础上增量修改的，若要得到严格的只读或只写账号，应先用-@all清除原有命令权限再授权。
  ⑤ 授权管理权限：@admin</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 授权管理权限
  &gt; ACL SETUSER zhoujy on &gt;abc ~* +@admin
  OK
  
  <span style="color:#8f5902;font-style:italic">## 查看</span>
  &gt; ACL LIST
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user zhoujy on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* -@all +@admin +@dangerous -flushall -flushdb -swapdb -keys -role -sort -migrate -restore-asking -restore -info&#34;</span></code></pre></div>
<p><strong>说明</strong>：用户zhoujy有管理权限，包含了危险操作的类型，但排除了<strong>-</strong>开头命令的权限。</p>

<p>⑥ 允许特定类型key的子命令权限：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 设置子命令。
  &gt; ACL SETUSER zhoujy on &gt;abc ~* -client +client<span style="color:#000;font-weight:bold">|</span>getname +client<span style="color:#000;font-weight:bold">|</span>setname
  OK
  
  <span style="color:#8f5902;font-style:italic">##查看</span>
  &gt; ACL LIST
  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user default on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all&#34;</span>
  2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;user zhoujy on #ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* -@all +client|getname +client|setname&#34;</span></code></pre></div>
<p><strong>说明</strong>：先移除CLIENT命令，然后添加两个允许的子命令。请注意不能反过来做：子命令只能用+添加，不能用-排除，因为将来可能会添加新的子命令。<strong>注意</strong>子命令匹配可能会增加一些性能损失。
  ⑦：特定用途的账号权限：Sentinel 和 Replicas</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- Sentinel：允许用户在主和副本实例中都有以下命令权限
  &gt; ACL SETUSER sentinel-user &gt;somepassword +client +subscribe +publish +ping +info +multi +slaveof +config +client +exec on
  OK
  
  -- Replicas:副本需要在主实例上有以下命令权限
  &gt; ACL SETUSER replica-user &gt;somepassword +psync +replconf +ping on
  OK</code></pre></div>
<ul>
<li><p><strong>保存、加载相关</strong>：save、load
通过ACL创建的用户是保存在内存里的，如果Redis Server重启则ACL创建的用户会丢失，所以在创建完用户后需要用<strong>save</strong>保存，在重启之后需要用<strong>load</strong>加载。有两种方式进行保存和加载：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">1，使用ACL命令:ACL SAVE、ACL LOAD
2，使用Redis配置，用户被定义，然后重启服务器并生效。 或者使用外部ACL文件，使用ACL LOAD 来导入ACL信息</code></pre></div></li>
</ul>

<p><strong>注意：ACL的配置文件需要事先手动touch，否则实例启动会失败。</strong>在redis.conf里配置用户和在ACL文件里配置用户这两种方法互不兼容，Redis要求只使用其中一种，否则实例启动报错：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">  -- 报错信息
  #Configuring Redis with users defined in redis.conf and at the same setting an ACL file path is invalid. This setup is very likely to lead to configuration errors and security holes, please define either an ACL file or declare users directly in your redis.conf, but not both.</code></pre></div>
<p>在redis.conf中指定用户是一种非常简单的方法，适用于简单的用例。当有多个用户要定义、环境比较复杂时，强烈建议使用ACL文件。这两个文件里用户规则的格式是一致的，可以互相照搬，redis.conf和users.acl里的格式如下：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 配置文件
  user default on <span style="color:#8f5902;font-style:italic">#ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all</span>
  user zhoujy on <span style="color:#8f5902;font-style:italic">#ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad ~* +@all</span></code></pre></div>
<p>① 保存ACL规则</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 保存ACL规则
  &gt; ACL SAVE
  OK</code></pre></div>
<p>② 加载ACL规则</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 加载ACL规则
  &gt; ACL LOAD
  OK</code></pre></div>
<p><strong>说明</strong>：在使用ACL配置文件之后，如果设置了默认用户（default）规则的话，需要看配置文件中aclfile和requirepass参数的先后顺序，密码以最后出现的为准。</p>

<ul>
<li>日志相关：</li>
</ul>

<p>显示最近的ACL安全事件列表
  通过ACL LOG [&lt;count&gt; | RESET] 返回ACL的日志信息，可以指定显示的条目数，也可以进行重置：</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">  -- 显示日志信息
  &gt; ACL LOG <span style="color:#0000cf;font-weight:bold">1</span>
  1<span style="color:#ce5c00;font-weight:bold">)</span>  1<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;count&#34;</span>
      2<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#ce5c00;font-weight:bold">(</span>integer<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#0000cf;font-weight:bold">1</span>
      3<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;reason&#34;</span>
      4<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;auth&#34;</span>
      5<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;context&#34;</span>
      6<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;toplevel&#34;</span>
      7<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;object&#34;</span>
      8<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;AUTH&#34;</span>
      9<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;username&#34;</span>
     10<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;zhoujy&#34;</span>
     11<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;age-seconds&#34;</span>
     12<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;282.90499999999997&#34;</span>
     13<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;client-info&#34;</span>
     14<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#4e9a06">&#34;id=5 addr=192.168.163.134:35246 fd=7 name= age=403 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=36 qbuf-free=32732 obl=0 oll=0 omem=0 events=r cmd=auth user=zhoujy&#34;</span>
  
  -- 重置日志，类似slow
  &gt; acl log reset
  OK</code></pre></div>
<p>到此，大致的权限介绍已经结束，后续会不定时更新相关内容。</p>

<h2 id="场景说明">场景说明</h2>

<ol>
<li><p>创建DBA管理账号</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">&gt; ACL SETUSER dba on <span style="color:#8f5902;font-style:italic">#6d0ac515af9df81653ed0aa3ffa692663c3f556079791e2f00a4578990da66f3 allkeys +@all</span>
OK</code></pre></div></li>

<li><p>创建读写账号</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">&gt; ACL SETUSER readwrite on &gt;abc allkeys -@all +@read +@write
OK</code></pre></div></li>

<li><p>创建只读账号</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">&gt; ACL SETUSER <span style="color:#204a87">readonly</span> on &gt;abc allkeys -@all +@read
OK</code></pre></div></li>

<li><p>创建只写账号</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-fallback" data-lang="fallback">&gt; ACL SETUSER write_user on &gt;abc allkeys -@all +@write
OK</code></pre></div></li>

<li><p>创建复制账号</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">&gt; ACL SETUSER replica-user &gt;abc -@all +psync +replconf +ping on
OK</code></pre></div></li>

<li><p>创建哨兵账号</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">&gt; ACL SETUSER sentinel-user &gt;abc -@all +client +subscribe +publish +ping +info +multi +slaveof +config +client +exec on
OK</code></pre></div></li>

<li><p>创建监控账号</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">&gt; ACL SETUSER monitor on &gt;abc +monitor
OK</code></pre></div></li>

<li><p>创建指定key、有指定类型权限的账号</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">-- 指定对h开头的hash类型的key有权限
&gt; ACL SETUSER ops_user on &gt;abc ~h* +@hash
OK</code></pre></div></li>
</ol>

<p>其中key的模式需要以<strong>~</strong>开头，采用glob风格的通配符匹配（与KEYS命令的模式相同，并非正则表达式）；权限则是hash这一类命令，具体包含哪些命令可以通过ACL CAT hash查看。</p>

<p><strong>注意</strong>:以上操作完之后需要执行ACL SAVE，不然重启之后用户信息就全部清空了。示例中的密码abc仅用于演示：ACL里保存的只是密码的SHA-256摘要，弱密码很容易被还原，实际使用时应换成足够长的随机密码（可用ACL GENPASS生成）。</p>

<h2 id="总结">总结</h2>

<p>在默认配置中，Redis 6（第一个具有<strong><a href="https://redis.io/topics/acl">ACL</a></strong>的版本）的工作方式与Redis的旧版本完全相同，即每个新连接都能够调用每个可能的命令并访问每个键，因此ACL功能与旧版本向后兼容。同样使用requirepass配置指令配置密码的旧方法仍然可以按预期工作（只是为默认用户设置密码）。关于ACL更多的操作指南可以看<a href="https://redis.io/commands/acl-cat">官方文档</a>。PS：如果后续有补充会继续更新到文章中。</p>

<h2 id="参考文档">参考文档：</h2>

<p><a href="https://redis.io/topics/acl">https://redis.io/topics/acl</a></p>

<p><a href="https://redis.io/commands/acl-setuser">https://redis.io/commands/acl-setuser</a></p>

    </div>
  </article>
</section>

          </div>
        </div>

      </div>
    </main>
   
  </div>

  

</body>
</html>